by Brianna Crandall — March 11, 2016—ASIS International, (ISC)² and ISACA, the preeminent professional associations for physical, cyber and information security, have signed an agreement to develop a Security Awareness American National Standard. This guidance standard will address the intersections of physical, cyber and information security management to help organizations of all sizes maximize protection of people, property and assets.
In an increasingly complex and interconnected world, the public and private sector are faced with growing physical and electronic challenges to protect personal information, business transactions and critical infrastructure. Given the convergence of risks and fading boundaries between physical, cyber and information security, it is essential that organizations of all types and sizes have the best tools at their disposal to promote security awareness from a holistic perspective, says ASIS.
Dr. Marc H. Siegel, commissioner, ASIS Global Standards Initiative, comments:
The human element is central to any successful security strategy. By promoting a “security awareness culture,” organizations can proactively prevent problems that detract from achieving their business objectives. The proposed standard will integrate physical, cyber, and information security into day-to-day business and risk management practices. It will emphasize that everyone in the organization is part of the risk equation, and therefore, part of the solution.
The security standard will focus on cross-disciplinary management measures, as well as awareness and training programs to help organizations and their supply chains prepare for and minimize the likelihood of an undesirable event, as well as respond to and recover from a security incident.
Topics of discussion related to security awareness will include:
- Physical security
- Information security
- Cyber security
- Wireless networks
- Password security
- Intangible asset security (brand, reputation, file sharing, intellectual property and image)
Dr. Casey Marks, director of Professional Programs Development, (ISC)², adds:
Businesses are struggling to cope with all of today’s security threats. The continued convergence of cyber and physical security causes our adversaries to neither think nor act in siloes when they perform malicious activities. An all-encompassing security standard like this will help to provide businesses with needed guidance. Standards are the pillar upon which the concept of professionalization is built, and we’re pleased to be a part of this effort with two well-respected industry organizations.
ASIS, (ISC) ² and ISACA will form a joint technical committee and working group to develop the standard, soliciting input from security experts around the globe. The committee will operate under ASIS’s ANSI-accredited process to develop an American National Standard that can be applied anywhere in the world.
Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA, concludes:
Combining the expertise of our members and leaders will help organizations and their supply chains assess their risks and develop enterprise-wide and site-specific plans and procedures to more effectively manage risk and protect their human, tangible and intangible assets. Security awareness is a business imperative in today’s interconnected world. By bringing together the top security professional organizations, we can share best practices and ensure a collaborative approach to asset protection.
Technical committee formation is expected to begin in April. For more information, contact standards@asisonline.org.
